version 2.8 distribute monitoring doubts

This forum was archived to /woltlab and is now in read-only mode.
  • Hello a while ago I have a working server icinga2 using icinga2 agent from version 2.8 all change drastically, install a new server to test and understand how CA proxy works and still can not solve the problem I follow the instructions that refer here : https://www.icinga.com/2017/11/13/how-to-icinga-2-ca-proxy/ using On-Demand CSR Signing

    Code
    1. [root@icinga2 ~]# icinga2 ca list
    2. Fingerprint | Timestamp | Signed | Subject
    3. -----------------------------------------------------------------|--------------------------|--------|--------
    4. 79b36a3d400ffaa784319c6ee4045e5fffe1b9174de37aab5e477f00d58037be | Nov 22 20:33:49 2017 GMT | * | CN = gestion1.upr.edu.cu
    5. bf312ffb39e17812bfb6bd11b67fda28689bf2eb145cf00fe839c31c137bbf8a | Nov 20 21:22:39 2017 GMT | * | CN = gestion1.upr.edu.cu
    6. [root@icinga2 ~]#


    Code
    1. [root@icinga2 ~]# icinga2 ca sign 79b36a3d400ffaa784319c6ee4045e5fffe1b9174de37aab5e477f00d58037be
    2. information/cli: Signed certificate for 'CN = gestion1.upr.edu.cu'.

    Log

    Code
    1. [2017-11-22 15:38:05 -0500] warning/JsonRpcConnection: API client disconnected for identity 'gestion1.upr.edu.cu'
    2. [2017-11-22 15:39:05 -0500] information/ApiListener: New client connection for identity 'gestion1.upr.edu.cu' from [10.2.1.4]:51758 (no Endpoint object found for identity)

    Any idea, some body can help me

  • Hi,


    did you create an endpoint object inside your zone.conf on your Icinga master?

    https://www.icinga.com/docs/ic…ted-monitoring/#endpoints

    did you refer to that ?

  • Yes. You need to configure the Endpoint (and Zone) objects on your master.


    Example:


    If the Endpoint object is not configured, the Icinga master does not know about this endpoint and when it tries to connect to the Icinga master will drop the connection. This si

  • Now a fix that, but i have that information in icinga2.log

    Code
    1. [2017-11-23 10:17:56 -0500] information/ApiListener: Reconnecting to endpoint 'gestion0.upr.edu.cu' via host '10.2.1.3' and port '5665'
    2. [2017-11-23 10:17:56 -0500] critical/TcpSocket: Invalid socket: Connection refused
    3. [2017-11-23 10:17:56 -0500] critical/ApiListener: Cannot connect to host '10.2.1.3' on port '5665'
    4. [2017-11-23 10:17:56 -0500] information/ApiListener: Finished reconnecting to endpoint 'gestion1.upr.edu.cu' via host '10.2.1.3' and port '5665'
  • Can you please show us your current zones.conf? From what I see from the Log, did you used the same IP address for the endpoint "gestion0.upr.edu.cu" as for "gestion1.upr.edu.cu"?

  • Thanks I'm already understanding how it works and I got it communicated, because I was not clear, that I was in the icinga2 zone.conf the configuration of end point and server zone that you want to add